SD-WAN & Cloud-Security

SD-WAN & Cloud-Security - SD-WAN Provider · Enable the use of lower cost Internet as a WAN while maintain application performance. Provide flexible WAN architecture for accessing


About T&A SYSTEME GmbH

Type: Service provider / systems integrator for IT infrastructures, WAN service provider

Founded: December 1993

Size: 40 employees

Headquarters: Am Walzwerk 1, 45527 Hattingen

Data center capabilities: Redundant data centers, fully managed operation (ITaaS)

Customers: National and international companies in a range of industries

Till Bockenheimer, Managing Director, [email protected]

©2017 T&A SYSTEME, Inc. All rights reserved.

Service areas of T&A SYSTEME

Service areas in detail

Agenda

• Introduction to VeloCloud, SD-WAN
• SD-WAN managed by T&A SYSTEME
• Introduction to Zscaler, cloud security
• Integration of SD-WAN with cloud security


VeloCloud Cloud-Delivered WAN

Fast. Simple. Secure.

VeloCloud Company Background

• Re-defining Enterprise Wide Area Networks
  – Cloud-Based Software Defined Wide Area Network
  – Expand the WAN without replacing it (migration)
  – Slash the costs of Wide Area Networking (WAN)
• Company Background
  – Founded in 2012
  – Headcount: 85
  – Team from leading Networking, Cloud and Virtualization companies
  – Backed by NEA, Venrock, March Capital, Cisco Investment and The Fabric
  – Deployed in 600+ Enterprises
  – Nearly 50,000 Sites

November 2017

VMware announced the intent to acquire VeloCloud, the market leader in cloud-delivered SD-WAN that enables enterprises and service providers to deploy flexible, secure WAN connectivity.

https://www.vmware.com/company/acquisitions/velocloud.html

VeloCloud’s Innovative WAN Solution

Enable the use of lower cost Internet as a WAN while maintaining application performance

Provide flexible WAN architecture for accessing both on-premise applications and SaaS

Simplify WAN/branch deployment, configuration, monitoring, and remote troubleshooting

[Diagram labels: Cable/LTE/DSL; MPLS; DIA]

Cloud Delivered SD-WAN

[Diagram labels: Cloud Network; Cable, DSL, LTE, MPLS; Branch Edge; DC Edge; Enterprise DC]

• Dynamic Multi-Path
• Cloud VPN
• Smart QoS
• Next Gen Firewall
• Application Performance Monitoring
• WAN Services Orchestration
• Business Policy Definition
• Network Services Insertion

Cloud-Delivered SD-WAN For Enterprise

[Diagram labels: Dynamic Multi-path Optimization; Branch Site; VeloCloud Edge; Enterprise DC; Enterprise Data Center; Cloud DC; SaaS; Hybrid Cloud; Private/MPLS; Internet; Public Cloud Gateways; Orchestrator]

• Public and private links
• On-prem or cloud apps
• DC headend optional
• Zero touch, thin branch auto provisioned from cloud
• Cloud orchestration eliminates complexity
• Direct path to enterprise and cloud apps
• Scalable, redundant, pay-as-you-go cloud network

VeloCloud Infrastructure

• SSAE16 Type II Audited Datacenters
• 99.99% Reliability SLA
• Cloud Scale Redundancy
• Direct to SaaS With Internet Exchange

Ashburn, Atlanta, Chicago, Dallas, Denver, New York, San Jose, Seattle, Los Angeles, Miami

Dublin, Frankfurt, Geneva, London

Hong Kong, Singapore, Sydney, Tokyo

VeloCloud Orchestrator

• Network-wide business policy for data, voice & video
• View of link quality with and without VeloCloud
• VeloCloud measures dynamic bandwidth on each link
• Application visibility, analytics and bandwidth usage

Dynamic Multi-Path Optimization

[Diagram labels: DSL; MPLS; LTE; 100 msec]

• Automatic Link Monitoring
• Auto Detection of Provider
• Auto Configuration of Link Characteristics, Routing and QoS Settings
• Intelligent Application Learning
• Quality of the connection

Dynamic Multi-Path Optimization (DMPO)

App performance over broadband, LTE and private circuits

WAN Monitoring
• Automatic capacity testing
• Continuous link & path quality monitoring

App Steering
• Aggregate Links
• App Aware per Packet Steering
• Optimal link & path across Internet and private

Link Remediation
• Error & jitter correction
• Automatic steering for brownouts/blackout

https://www.youtube.com/watch?v=mdNbNn4Ucy4 (2:50 - 5:30)

Dynamic Multi-Path Optimization (DMPO)

Assured Application Performance over Any Type of Link

Continuous Link Monitoring
• Drives automation and optimization

Dynamic Per Packet Steering
• Sub-second steering without session drops
• Aggregated bandwidth for single flows

On Demand Remediation
• Protects against concurrent degradation
• Enables single link performance

VeloCloud Application Recognition

VeloCloud Deep Application Recognition

• Deep Packet Inspection: Application recognition & application metadata
• Learning database: Cached DPI result to assist with first packet classification
• Cloud service directory: Up-to-date database of cloud service IPs

3000+ Applications

Automated QoE

• Application-aware link steering
• Bandwidth aggregation for single flow
• On demand remediation
• Error correction, jitter buffering, NACK
• Overlay QoS

Real-Time Link Metrics
• Link performance - packet loss, latency, jitter
• Link capacity
• Congestion

App Recognition + Business Priority

[Table residue: traffic classes Real-time, Transactional and Bulk against business priority HIGH, NORMAL and LOW. Application groups shown: Business Collaboration, Audio/video; VDI, Business App; Infra, Auth, Mgmt, NW Services, Tunneling; IM App, Web, Proxies; Games, Media, Social; Email Storage, Backup, P2P; File Sharing. Percentages as extracted: 35% 15% 1%; 1% 7% 20%; 20% 5% 1%.]

SaaS Performance Summary

• 10x faster response time

Dual 20Mbps Links / 50 MB Box File Transfer

                   Without VeloCloud    VeloCloud
No Loss            22 sec               12 sec
2% Packet Loss     134 sec              13 sec

Real World VoIP Results

Mean Opinion Score (MOS): MOS > 3.6 = Good call

• Traditional Internet: 60% of VoIP calls have good quality (MOS > 3.6)
• With VeloCloud: 99% of VoIP calls have good quality (MOS > 3.6)

[Chart panels: MOS with Internet; MOS with VeloCloud]

Internet Can Deliver 99%+ Quality With VeloCloud’s Cloud-Delivered SD-WAN

[Chart labels: Cable; DSL; Ethernet & Fiber; 4G LTE]

Ease of Network Services Insertion

[Diagram labels: Branch Site; Enterprise DC Or Regional Hubs; On Premise Email DLP; Other Web traffic; Salesforce.com; Web email; Internet]

• One-click service insertion
• Virtual services platform at branch
• Optimized performance to remote cloud and centralized enterprise services
• Partner ecosystem

Rapid Branch Rollout

Traditional WAN Deployment ($200-$2000 per truck roll)
• Truck roll and IT personnel required to configure & deploy new branch. No centralized control.
• Dependency on wired circuit delays branch bring-up and reduces productivity

VeloCloud Zero Touch Deployment ($0 truck roll)
• No local IT touch. Drop ship the unit and activate.
• Plug and play - auto-discover WAN links including bandwidth and ISPs
• Profile based configuration eliminates tedious branch-by-branch configuration
• Optional DC install greatly simplifies branch bring-up

Run Real-time Voice or Video

Traditional WAN
• Poor Internet performance affects voice and video quality
• High cost from using MPLS to deliver high quality voice and video
• The Internet fails to deliver UC 17% of the time*

VeloCloud SD-WAN for UC
• Deliver high quality voice and video over the Internet
• Dynamic error correction mitigates network issues and assures voice and video performance
• > 99% of the time* with VeloCloud Cloud-Delivered SD-WAN

Combine All WAN Links with Intelligent Link Bonding

Traditional WAN
• Typical setup is active/standby WAN. Complex routing protocol tuning required to enable active/active.
• Link performance degradation will severely affect throughput
• Poor WAN link utilization with active/standby

VeloCloud Cloud-Delivered SD-WAN
• Per-packet load balancing utilizes all links to maximize throughput even for a single traffic flow, e.g. large backup
• Real-time link performance awareness and on-demand remediation ensure maximum possible throughput
• 2-3x higher throughput, better app performance

[Diagram label: Enterprise Backup]

Any WAN Services Anywhere

Traditional Approach to WAN Services
• Deploying local branch services requires additional appliances and is difficult to manage
• Centralizing services requires backhauling that increases latency and impacts performance
• Utilizing services in the cloud requires complex routing configuration

[Diagram labels: Deploy stack of branch appliances OR Backhaul everything OR Complexity of redirecting to cloud services; DLP]

VeloCloud’s Flexible Service Insertion
• Per-application service insertion policy
• Run local services, e.g. firewall, IPS on the VeloCloud hardware. Keep the branch lean.
• Backhaul select applications to services in the DC
• Chain cloud services for specific applications, e.g. Web browsing is subjected to cloud Web security

VeloCloud HA Design – L2 Switch

• The same ISP link must be connected to the same port on both Edges
  – Use L2 switch to make the same ISP link available to both edges
• The standby edge does not interfere with any traffic by blocking all its ports except the failover link (L1 port)
• The session information is synchronized between active and standby edge through the failover link
• If the active edge detects loss of LAN link it will also fail over to another edge assuming it has active LAN link

[Diagram labels: ISP1, ISP2; W1, W2; L1, L1; L2 Switch, L2 Switch; Internet Router/CPE]


VeloCloud Edge Portfolio


VeloCloud SD-WAN Solution and Benefits

WAN Monitoring Simplify Branch Deployments

• Cloud orchestration enables automated deployments

• Business-policy based configurations

• Fast access with ordinary broadband links incl 4G-LTE

Improve Agility: Fast Cloud adoption

• Direct access for SaaS and Cloud deployed applications

• Ensure application performance

• Leverage cloud-based security like Zscaler

Reduce Total Cost of Ownership

• Leverage ordinary broadband internet links to reduce WAN cost

• Move branch services to the cloud to reduce branch sprawl

• Pay-as-you-grow subscription model

Assure Application Performance

• Optimal link & path across Internet and private links

• App Aware per Packet Steering & Link remediation

• Continuous link & path quality monitoring, visibility, control

Compelling Value Proposition for Enterprises

• Faster Installs
• Less Money
• Faster Speed

SD-WAN managed by T&A

T&A managed VeloCloud SD-WAN Services Benefits

• Experience with VeloCloud implementation and operation since 2015
• Design and implementation of SD-WAN, including transition
• Provision of Internet lines worldwide
• Optimized commissioning using LTE and out-of-band management
• Management and fault resolution for Internet lines worldwide
• Management of lines already in place
• Provision of in-band monitoring for data center <-> site monitoring
• Provision of a management dashboard for VCO, OoBM and in-band management
• WAN Operation Center support: 24x7, 2h
• Fixed prices for all services and deliverables

Hüttentalk: Data Center - Quo Vadis?

SD-WAN service customers of T&A SYSTEME

Bofrost (retail, HQ Straelen)
• Replacement of Telekom MPLS with SD-WAN over xDSL Internet lines
• Connection of 169 sites in the EU within 5 months, of which 2 months were lead time for line procurement

ifm electronic (industry, HQ Essen)
• Replacement of Cisco DMVPN with SD-WAN over xDSL and dedicated Internet lines
• Connection of 25 sites in Germany plus Japan and Singapore
• Planned final rollout: 110 sites worldwide

Röhlig Blue Net (logistics, HQ Hamburg)
• Replacement of Barracuda VPN with SD-WAN over dedicated Internet lines
• Connection of 8 sites worldwide (China, India, Argentina, Japan,…)
• 86 sites worldwide


Bofrost


Ifm electronic


Röhlig Blue Net

Latencies in the SD-WAN VPN over standard Internet lines

Connection                      Latency (best - worst tunnel)
Hamburg / IN-Bangkok            116 ms – 183 ms
Hamburg / AR-Buenos Aires       121 ms – 134 ms
Hamburg / CH-Zhangjang          109 ms – 167 ms (10% packet loss)
Hamburg / FR-Lyon               17 ms – 49 ms
Essen / JP-Chiba-Ken            132 ms – 147 ms
Essen / SG-Singapore            77 ms – 108 ms
Frankfurt / MA-Marrakesh        29 ms – 53 ms
Frankfurt / AT-Vienna           8 ms – 9 ms
Frankfurt / DE-Dresden          9 ms – 34 ms

SD-WAN Management Dashboard (by T&A)

Out of Band Management

WAN Connection Equipment (HA)

Inband Monitoring

©2017 Zscaler, Inc. All rights reserved.

Secure IT Transformation to a Cloud-Enabled Enterprise

The cloud security leader

IT’S TIME TO BREAK FREE FROM THE OLD WORLD OF IT

Network and Application Access Transformation

Zscaler: The market leader in cloud security

TECHNOLOGY INNOVATION
• Cloud security platform: Purpose-built (100 patents)
• Largest security cloud: 100 data centers
• 30B requests a day
• 125M threats blocked a day

MARKET LEADERSHIP
• Trusted by G2000: 5,000 organizations
• 15M users in 185 countries
• Global partners

FINANCIAL STRENGTH
• Accelerating growth: 125% renewal rate
• Solid financial model
• Backed by

INDUSTRY ACCOLADES
• MQ Leader
• Wave Leader

Zscaler = Zenith of scalability: Three dimensions of scale

• 5K+ Organizations
• 15M+ Users
• All users – All traffic

[Chart residue: panels "PROTECTION ACROSS COUNTRIES" and "MONTHLY OFFICE 365 TRAFFIC (TB)", the latter with values 83 TB, 44 TB, 38 TB, 37 TB and 35 TB]


Leader – 6 years in a row

Leading industry analysts agree…

Zscaler is a very strong choice for any organization interested in a cloud gateway.

…On-premises Web content security can’t protect digital business…

Cloud and mobility are powerful enablers, but break perimeter security

Using ‘90s on-premises controls to secure the network when the Internet is the new network

• Connections are following the path of least resistance
• Users are leaving the corporate network

[Diagram label: Headquarters, Hub and Spoke Architecture]

If you don’t control the network (Internet), how can you secure it? The traditional network security stack is irrelevant.

Old IT: Business inside the corporate network (static perimeter)

Castle and moat: Secure the network to secure servers, apps, and users

Outbound gateways: Secure access to Internet (more threats, more appliances)
• FW / IPS
• URL Filter
• Antivirus
• DLP
• SSL
• Sandbox

Inbound gateways: VPN to access DC apps (more users, more appliances)
• Global LB
• DDoS
• FW/IPS
• RAS (VPN)
• Internal FW
• Internal FW/LB

[Diagram labels: Corporate Network; Moscow; Outbound & Inbound Gateway]

Network Security – ‘90s Design
• Expensive to deploy
• Complex to manage
• Security compromises
• Poor user experience

“Afraid of breaking something, no one dares to touch our gateways/DMZ.” – Head of infrastructure ops, F500

Can you relate to this security stack?

An architectural approach for secure IT transformation

[Diagram labels: IoT; ON-THE-GO; HQ / BRANCHES; Security and Access Control; PRIVATE DC; SAAS; OPEN INTERNET; PUBLIC CLOUD; DC APPS; External; Internal]

Allows internal apps to behave like cloud apps

Secure the network

Secure Policy-Based Access connecting the right user to the right app or service

A new approach to app access and security: Flip the security model

Fast, secure, policy-based access connecting the right user to the right service and app

Securing the network is no longer relevant

Inbound & Outbound Gateway
• Ext. FW / IPS
• URL Filtering
• Antivirus
• DLP
• SSL
• Sandbox
• Global LB
• DDoS
• Ext FW/IPS
• RAS (VPN)
• Internal FW
• Internal LB

ZSCALER INTERNET ACCESS: Secure access to the Internet and SaaS apps

ZSCALER PRIVATE ACCESS: Secure access to private apps: Data center or cloud

[Diagram labels: Outbound Gateway (X); Inbound Gateway (X); HQ/IOT; MOBILE; BRANCH; DC APPS]

The largest security cloud: Reliable, available, and fast

• 30B+ Requests/day
• 125M+ Threats blocked/day
• 120K+ Unique security updates/day
• 100 DATA CENTERS – 5 CONTINENTS
• PEERING IN INTERNET EXCHANGES: 150+ Vendors peered

• Secure: Ongoing third-party testing
• Certified
• Reliable: Redundancy within and failover across DCs
• Transparent: Trust Portal for service availability monitoring

Secure network transformation

Enabled by moving security to the cloud

FROM: HUB-AND-SPOKE ARCHITECTURE
• Secure the network to protect users and apps
• All users must be on-network for protection
• Internet traffic backhauled over MPLS for protection

TO: HYBRID CLOUD ARCHITECTURE
• Policy-based access, users to apps
• On-net, off-net the user is always protected
• Local Internet breakouts

Secure application access transformation

Enabled by moving to software-defined access controls in the cloud

FROM: NETWORK-BASED ACCESS
• App access requires users to be on the network
• App segmentation requires network segmentation
• Broad attack surface

TO: POLICY-BASED ACCESS ARCHITECTURE
• App access driven by policy, users never on the network
• App segmentation without network segmentation
• Minimal attack surface (invisible apps)

[Diagram labels: POLICY; Inbound Gateway]

A three-step journey to cloud and mobility transformation

SECURE: Up-level your security
• Make Zscaler your next hop to the Internet.
• Fast to deploy. No infrastructure changes required.

SIMPLIFY: Remove point products
• Phase out gateway appliances at your own pace.
• Reduce cost and management overhead.

TRANSFORM: Cloud-enable your network
• Enable secure SD-WAN / local Internet breakouts – optimize backhaul.
• Deliver a better and more secure user experience.

[Diagram label: Broadband]

Zscaler Internet Access: Secure, fast access to the Internet and SaaS
Eliminates the appliance mess: Allowing IT to focus on strategic / architectural initiatives.

Easy to forward traffic and authenticate users
• Zscaler App / PAC file
• GRE/IPsec
• ID provider

Default route to Internet: Block the bad, protect the good

Global real-time policy engine
• You retain full control – policy and admin
• Policies by user, locations, AD groups
• Follow-the-user policy for the same protection at any location, any device

Real-life analytics – Actionable info
• Global visibility: cloud apps and usage
• Identify botnet-infected machines that need to be remediated

[Diagram labels: Mobile, HQ / IoT, Branch, MPLS, DC apps]

Ransomware Attack Lifecycle

Zscaler purpose-built multi-tenant cloud security platform

Purchase what you need and you can always expand with a click of a button

Powered by patented technologies
• SSMA: All security engines fire with each content scan, only microsecond delay
• ByteScan™: Each outbound/inbound byte scanned, native SSL scanning
• PageRisk™: Risk of each object computed inline, dynamically
• NanoLog™: 50:1 compression, real-time global log consolidation
• PolicyNow: Policies follow the user for the same on-premise, off-premise protection

ACCESS CONTROL
• Cloud Firewall
• URL Filtering
• Bandwidth Control
• DNS Filtering

THREAT PREVENTION
• Advanced Protection
• Anti-Virus
• Cloud Sandbox
• DNS Security

DATA PROTECTION
• File Type Controls
• Data Loss Prevention
• Cloud Apps (CASB)

Zscaler Private Access: Secure and fast access to private apps
New approach to accessing internal apps: Connect a named user to a named app

4 Key Design Tenets
• User not on the network: App access doesn’t need network access (unlike VPN)
• Invisible apps: Apps not exposed to the Internet (DDoS protection)
• App segmentation: No network segmentation needed
• App can reside anywhere: Azure, AWS, DC

Reduced cost and complexity – Better security and user experience

How it works
1. User requests access to SAP (authenticated)
2. Policy determines if access is permitted (auth before access)
3. If authorized, Zscaler Cloud initiates outbound connections from Z-Connector and Z-App (per app)
4. Connections are stitched together in the cloud

[Diagram labels: Z-App, Policy Engine, Z-Connector, DC apps, Moscow, Madrid]
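
The four-step access flow on this slide, modelled as an added Python example (not Zscaler code; every class name, the policy table and the sample users are constructed for illustration). It shows the two properties a reviewer would check in such a design: the decision is made before any leg towards the app exists, and the connector only ever dials out.

```python
# Added illustration: all names here are hypothetical, not a Zscaler API.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    authenticated: bool

@dataclass
class Connector:
    """Sits next to the app; it only dials out and has no inbound listener."""
    site: str
    apps: frozenset
    outbound_dials: list = field(default_factory=list)

    def dial_out(self, app):
        self.outbound_dials.append(app)
        return f"{self.site}->broker:{app}"

@dataclass
class Broker:
    policy: dict        # app name -> set of groups allowed to reach it
    connectors: list
    audit: list = field(default_factory=list)

    def request_access(self, user, app):
        # Steps 1-2: authentication and policy are evaluated before any
        # connection towards the app is opened (auth before access).
        allowed = self.policy.get(app, set())   # app not in policy: deny
        if not user.authenticated or not (user.groups & allowed):
            self.audit.append((user.name, app, "DENY"))
            return None
        # Step 3: client and connector each open one outbound leg for this app;
        # step 4: the broker stitches the two legs into a single session.
        conn = next((c for c in self.connectors if app in c.apps), None)
        if conn is None:
            self.audit.append((user.name, app, "NO_CONNECTOR"))
            return None
        self.audit.append((user.name, app, "ALLOW"))
        return (f"{user.name}->broker:{app}", conn.dial_out(app))

def demo():
    # Constructed sample policy, connector and users.
    dc = Connector("dc-madrid", frozenset({"sap", "wiki"}))
    broker = Broker({"sap": {"finance"}, "wiki": {"finance", "dev"}}, [dc])
    alice = User("alice", frozenset({"finance"}), True)
    bob = User("bob", frozenset({"dev"}), True)
    return broker, dc, broker.request_access(alice, "sap"), broker.request_access(bob, "sap")
```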

Common Zscaler Private Access use cases

Unmatched security – Simplified IT – Better user experience

M&A AND DIVESTITURES
Do you feel comfortable connecting the two networks to access each company’s apps?
Provide named users access to named apps without merging networks.

SECURE PARTNER ACCESS
Should partners/contractors be on your corporate network via VPN?
Only grant partners access to a server in the data center, not the network (dev teams, contractors).

VPN REPLACEMENT
Is your VPN slow? Is it a security risk?
Users get access to specific apps. They are never brought onto the network and apps are never exposed to the Internet – no hardware needed.

ACCESS INTERNAL APPS LIKE SALESFORCE
You moved private apps to a modern IaaS but your access is still legacy VPN.
Securely access private apps without requiring VPN or having to deploy infrastructure.

Zscaler: The foundation of a modern access and security architecture

Reduced Risk (CISO)
• Unmatched security – all users, branches, and devices
• Consistent policy and protection
• Always up-to-date

IT Simplification (CTO / IT Head)
• Consolidate point products and simplify IT
• Cloud-enabled network
• Rapid deployment

Impressive Value (CIO / CFO)
• No Capex, elastic subscription fee
• Reduced Opex, no box management
• Reduced MPLS costs

Fast Response Time (End-Users)
• Higher productivity – local breakouts
• Prioritize business apps
• Empowers users to leverage cloud apps

©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Zscaler™, SHIFT™, Direct-to-Cloud™ and ZPA™ are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners.

Where can you start?
• Securing a distributed and mobile workforce
• Securing an SD-WAN transformation
• Securing access to apps on AWS or Azure
• Office 365 deployment

VeloCloud Virtual Services Delivery with Zscaler

Ease of Zscaler Service Insertion

[Diagram labels: Branch Site, Corporate Datacenter, Regional Datacenter, VeloCloud Edge, VeloCloud Gateways, VeloCloud Orchestrator]

VeloCloud Networks Proprietary & Confidential | © Copyright 2015

• SD-WAN extended to Zscaler security
• Eliminate backhaul
• Via Gateways and regional Edges to optimal Zscaler clouds

at VeloCloud or Partner clouds

Zscaler & VeloCloud: Simple, Secure, Reliable

[Diagram labels: Branch Site, Corporate Datacenter, VeloCloud Edge, VeloCloud Edge Hub, VeloCloud Gateway, Dynamic Multi-Path Optimization, Zscaler Internet Access, Internet and Cloud Apps; threats shown: Exploits, APT, Malware, Botnets]

• VeloCloud Dynamic Multipath Optimization over SD-WAN delivers application performance and reliability to Zscaler over the Internet
• Single-click application-aware policies for security insertion enable enterprise-wide business policies
• Secure, fast access to the Internet and SaaS applications with Zscaler Internet Access to block the bad and protect the good

Deploying Zscaler Integration in 3 Easy Steps

1. Configure Zscaler web security account
2. Instantiate non-VeloCloud site. Configure VPN, location, authentication in VeloCloud Orchestrator
3. Define business policy in VeloCloud to determine web security screening

[Diagram labels: Zscaler Web Security, Branch Site, Internet]

VeloCloud - Zscaler Integration Benefits

Key Features and Benefits

• Cloud Security: Anti-Virus, Data Loss Prevention, Web Content Filtering, IaaS Security, Shadow IT, HTTPS/SSL Scanning
• Security Information & Event Mgmt. (SIEM): SNMP, Syslog, FW logging aggregation, analysis, correlation, compliance reporting, and log retention

Integration benefits for Enterprise Customers:
• Assurance that critical applications and security functions are maintained and/or improved
• Simple & quick deployment of new services, features, and apps
• Operational simplicity with “single-click/single-pane” licensing, setup, and mgmt.

Hüttentalk: "Efficient IT for small and medium-sized enterprises"

©2017 T&A SYSTEME, Inc. All rights reserved.

Our platform for exchanging information and experience on IT topics of current urgency.

• Live sessions on the latest technology and the most modern IT management practices
• Field reports from project practice
• The latest information and vendor materials

We are very happy to assist you!

Contact details

ADDRESS: T&A SYSTEME GmbH, Am Walzwerk 1, 45527 Hattingen

PHONE: +49 2324 9258 0

[email protected]
